Data Security Law improves governance
A law on data security adopted last week will strengthen national security and the protection of people’s interests and also provide a legal basis for data utilization and governance in the digital era, internet and cybersecurity experts said.
The Standing Committee of the National People’s Congress, China’s top legislature, passed the law on Thursday after three reviews.
The 55-article law, which will come into effect on Sept 1, clarifies the national-level governance and protection of data, stipulating that the central leading body for State security is responsible for decision-making, deliberation and coordination of national data security.
It also says that data should be classified based on varying levels of importance to economic and social development, calling for the establishment of a data security coordination system, including risk assessment, monitoring, early warning and emergency response.
According to the law, those who violate the national core data management system and endanger the country’s sovereignty, security and development interests will face a fine of up to 10 million yuan ($1.6 million) and suspension of business or revocation of business license at the same time.
They may also be held criminally liable if their violation is serious enough.
Huang Peng, an engineer at the Ministry of Industry and Information Technology’s national research center for development of industrial information security, said harsher punishment for data leaks is a highlight of the law as it establishes a “red line” for handling data security risks.
“Those whose data leaks threaten national security will face a hefty fine,” he said.
Jiang Wei, deputy head of the Chinese Academy of Cyberspace Studies’ cybersecurity research institute, said the law will improve the nation’s data security capacity and promote a safe, orderly, fair and reasonable system of data governance.
“Making such a law is designed to effectively and comprehensively safeguard national sovereignty, security and development interests, so that the people can have a stronger sense of fulfillment, happiness and safety amid the growth of information technology,” Jiang told a magazine published by the Cyberspace Administration of China, the country’s top internet regulator.
Saying the law is a key step in speeding up legislation on data security and personal information protection to meet a requirement in the 14th Five-Year Plan (2021-25), he added it will also have an essential role in regulating data activities and boosting the high-quality development of the digital economy.
Li Jianhua, a cybersecurity professor at Shanghai Jiao Tong University, said the law — the country’s first on data security — will push data-related construction and supervision in various industries into a new era.
The law will make data flows safer and provide for stricter management of data shared with other countries and regions, Li said.
The law requires provincial-level governments and the central government to include the development of the digital economy in their plans for economic and social development. Data studies, technological promotion, business innovation and product development in datarelated industries will also be supported and encouraged nationwide.
The law not only strengthens the protection of data security, but also enhances the utilization of data, Li said, adding it “will be a new engine for the growth and innovation of the digital economy”.
China has intensified its efforts in cyberspace governance and digital construction in recent years, aiming to make public services more convenient for people and boost prosperity.
The Cybersecurity Law came into effect in 2017 and a regulation on data security was issued by the cyberspace administration in 2019.